Explore top 10 tips to secure your open-source projects now. Read More
×An update that solves 5 vulnerabilities can now be installed.. # python312-3.12.13-6.1 on GA media Announcement ID: openSUSE-SU-2026:11100-1 Rating: moderate Cross-References: * CVE-2026-1502 * CVE-2026-3446 * CVE-2026-4786 * CVE-2026-6019 * CVE-2026-6100 CVSS scores: * CVE-2026-1502 ( SUSE ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N * CVE-2026-1502 ( SUSE ): 5.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-3446 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2026-3446 ( SUSE ): 6 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-4786 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L * CVE-2026-4786 ( SUSE ): 7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-6019 ( SUSE ): 3.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N * CVE-2026-6019 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-6100 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-6100 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N Affected Products: * openSUSE Tumbleweed An update that solves 5 vulnerabilities can now be installed. ## Description: These are all security issues fixed in the python312-3.12.13-6.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * python312 3.12.13-6.1 * python312-32bit 3.12.13-6.1 * python312-curses 3.12.13-6.1 * python312-dbm 3.12.13-6.1 * python312-idle 3.12.13-6.1 * python312-tk 3.12.13-6.1 * python312-x86-64-v3 3.12.13-6.1 ## References: * https://www.suse.com/security/cve/CVE-2026-1502.html * https://www.suse.com/security/cve/CVE-2026-3446.html *https://www.suse.com/security/cve/CVE-2026-4786.html * https://www.suse.com/security/cve/CVE-2026-6019.html * https://www.suse.com/security/cve/CVE-2026-6100.html . An update for openSUSE addresses 5 issues in python312 that could lead to security risks. Immediate installation recommended.. opensuse security update, python312 vulnerabilities, moderate risk issues. . Severity: moderate. LinuxSecurity.com Team
An update that solves four vulnerabilities can now be installed.. # Security update for python312 Announcement ID: SUSE-SU-2026:2055-1 Release Date: 2026-05-25T14:02:53Z Rating: important References: * bsc#1261969 * bsc#1262098 * bsc#1262319 * bsc#1262654 Cross-References: * CVE-2026-1502 * CVE-2026-4786 * CVE-2026-6019 * CVE-2026-6100 CVSS scores: * CVE-2026-1502 ( SUSE ): 5.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-1502 ( SUSE ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N * CVE-2026-1502 ( NVD ): 5.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4786 ( SUSE ): 7.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4786 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L * CVE-2026-4786 ( NVD ): 7.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-6019 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-6019 ( SUSE ): 3.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N * CVE-2026-6019 ( NVD ): 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-6019 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-6100 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-6100 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H *CVE-2026-6100 ( NVD ): 9.1 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves four vulnerabilities can now be installed. ## Description: This update for python312 fixes the following issues * CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF (bsc#1261969). * CVE-2026-4786: Incomplete mitigation of %action expansion for command injection to webbrowser.open() (bsc#1262319). * CVE-2026-6019: `BaseCookie.js_output()` does not neutralize characters in cookie values embedded in JS (bsc#1262654). * CVE-2026-6100: Arbitrary code execution or information disclosure via use- after-free in decompression modules (bsc#1262098). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-2055=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2055=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2055=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * python312-dbm-3.12.13-150600.3.59.1 * libpython3_12-1_0-3.12.13-150600.3.59.1 * python312-testsuite-3.12.13-150600.3.59.1 * libpython3_12-1_0-debuginfo-3.12.13-150600.3.59.1 * python312-tools-3.12.13-150600.3.59.1 * python312-curses-3.12.13-150600.3.59.1 * python312-debuginfo-3.12.13-150600.3.59.1 * python312-testsuite-debuginfo-3.12.13-150600.3.59.1 *python312-debugsource-3.12.13-150600.3.59.1 * python312-devel-3.12.13-150600.3.59.1 * python312-tk-3.12.13-150600.3.59.1 * python312-core-debugsource-3.12.13-150600.3.59.1 * python312-tk-debuginfo-3.12.13-150600.3.59.1 * python312-base-3.12.13-150600.3.59.1 * python312-curses-debuginfo-3.12.13-150600.3.59.1 * python312-doc-3.12.13-150600.3.59.1 * python312-base-debuginfo-3.12.13-150600.3.59.1 * python312-dbm-debuginfo-3.12.13-150600.3.59.1 * python312-idle-3.12.13-150600.3.59.1 * python312-doc-devhelp-3.12.13-150600.3.59.1 * python312-3.12.13-150600.3.59.1 * openSUSE Leap 15.6 (x86_64) * python312-32bit-debuginfo-3.12.13-150600.3.59.1 * python312-32bit-3.12.13-150600.3.59.1 * libpython3_12-1_0-32bit-3.12.13-150600.3.59.1 * libpython3_12-1_0-32bit-debuginfo-3.12.13-150600.3.59.1 * python312-base-32bit-debuginfo-3.12.13-150600.3.59.1 * python312-base-32bit-3.12.13-150600.3.59.1 * openSUSE Leap 15.6 (aarch64_ilp32) * libpython3_12-1_0-64bit-3.12.13-150600.3.59.1 * python312-base-64bit-debuginfo-3.12.13-150600.3.59.1 * python312-64bit-debuginfo-3.12.13-150600.3.59.1 * python312-64bit-3.12.13-150600.3.59.1 * python312-base-64bit-3.12.13-150600.3.59.1 * libpython3_12-1_0-64bit-debuginfo-3.12.13-150600.3.59.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * python312-dbm-3.12.13-150600.3.59.1 * libpython3_12-1_0-3.12.13-150600.3.59.1 * python312-curses-debuginfo-3.12.13-150600.3.59.1 * python312-tk-3.12.13-150600.3.59.1 * python312-base-debuginfo-3.12.13-150600.3.59.1 * python312-dbm-debuginfo-3.12.13-150600.3.59.1 * python312-idle-3.12.13-150600.3.59.1 * python312-curses-3.12.13-150600.3.59.1 * python312-debuginfo-3.12.13-150600.3.59.1 * libpython3_12-1_0-debuginfo-3.12.13-150600.3.59.1 * python312-3.12.13-150600.3.59.1 * python312-tools-3.12.13-150600.3.59.1 * python312-core-debugsource-3.12.13-150600.3.59.1 *python312-debugsource-3.12.13-150600.3.59.1 * python312-tk-debuginfo-3.12.13-150600.3.59.1 * python312-devel-3.12.13-150600.3.59.1 * python312-base-3.12.13-150600.3.59.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * python312-dbm-3.12.13-150600.3.59.1 * libpython3_12-1_0-3.12.13-150600.3.59.1 * python312-tk-3.12.13-150600.3.59.1 * python312-curses-debuginfo-3.12.13-150600.3.59.1 * python312-base-debuginfo-3.12.13-150600.3.59.1 * python312-dbm-debuginfo-3.12.13-150600.3.59.1 * python312-idle-3.12.13-150600.3.59.1 * python312-curses-3.12.13-150600.3.59.1 * python312-debuginfo-3.12.13-150600.3.59.1 * libpython3_12-1_0-debuginfo-3.12.13-150600.3.59.1 * python312-3.12.13-150600.3.59.1 * python312-tools-3.12.13-150600.3.59.1 * python312-core-debugsource-3.12.13-150600.3.59.1 * python312-debugsource-3.12.13-150600.3.59.1 * python312-tk-debuginfo-3.12.13-150600.3.59.1 * python312-devel-3.12.13-150600.3.59.1 * python312-base-3.12.13-150600.3.59.1 ## References: * https://www.suse.com/security/cve/CVE-2026-1502.html * https://www.suse.com/security/cve/CVE-2026-4786.html * https://www.suse.com/security/cve/CVE-2026-6019.html * https://www.suse.com/security/cve/CVE-2026-6100.html * https://bugzilla.suse.com/show_bug.cgi?id=1261969 * https://bugzilla.suse.com/show_bug.cgi?id=1262098 * https://bugzilla.suse.com/show_bug.cgi?id=1262319 * https://bugzilla.suse.com/show_bug.cgi?id=1262654 . This update for python312 addresses multiple issues including code execution and command injection; installation instructions included.. python312 security patch, openSUSE vulnerabilities, SUSE advisory. . Severity: Important. LinuxSecurity.com Team
An update that solves one vulnerability and has one security fix can now be installed.. # Security update for python312 Announcement ID: SUSE-SU-2026:1502-1 Release Date: 2026-04-20T16:17:01Z Rating: moderate References: * bsc#1258364 * bsc#1261970 Cross-References: * CVE-2026-3446 CVSS scores: * CVE-2026-3446 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-3446 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2026-3446 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * openSUSE Leap 15.6 An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for python312 fixes the following issues: * CVE-2026-3446: Base64 decoding stops at first padded quad by default (bsc#1261970). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1502=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * python312-3.12.13-150600.3.56.1 * python312-debuginfo-3.12.13-150600.3.56.1 * python312-base-3.12.13-150600.3.56.1 * python312-core-debugsource-3.12.13-150600.3.56.1 * python312-doc-devhelp-3.12.13-150600.3.56.1 * python312-testsuite-3.12.13-150600.3.56.1 * python312-tk-3.12.13-150600.3.56.1 * python312-dbm-debuginfo-3.12.13-150600.3.56.1 * libpython3_12-1_0-debuginfo-3.12.13-150600.3.56.1 * python312-tools-3.12.13-150600.3.56.1 * python312-devel-3.12.13-150600.3.56.1 * python312-base-debuginfo-3.12.13-150600.3.56.1 * python312-tk-debuginfo-3.12.13-150600.3.56.1 * libpython3_12-1_0-3.12.13-150600.3.56.1 *python312-debugsource-3.12.13-150600.3.56.1 * python312-dbm-3.12.13-150600.3.56.1 * python312-testsuite-debuginfo-3.12.13-150600.3.56.1 * python312-curses-3.12.13-150600.3.56.1 * python312-curses-debuginfo-3.12.13-150600.3.56.1 * python312-idle-3.12.13-150600.3.56.1 * python312-doc-3.12.13-150600.3.56.1 * openSUSE Leap 15.6 (x86_64) * libpython3_12-1_0-32bit-3.12.13-150600.3.56.1 * python312-32bit-debuginfo-3.12.13-150600.3.56.1 * python312-base-32bit-3.12.13-150600.3.56.1 * python312-32bit-3.12.13-150600.3.56.1 * python312-base-32bit-debuginfo-3.12.13-150600.3.56.1 * libpython3_12-1_0-32bit-debuginfo-3.12.13-150600.3.56.1 * openSUSE Leap 15.6 (aarch64_ilp32) * python312-base-64bit-debuginfo-3.12.13-150600.3.56.1 * libpython3_12-1_0-64bit-3.12.13-150600.3.56.1 * python312-64bit-3.12.13-150600.3.56.1 * python312-base-64bit-3.12.13-150600.3.56.1 * libpython3_12-1_0-64bit-debuginfo-3.12.13-150600.3.56.1 * python312-64bit-debuginfo-3.12.13-150600.3.56.1 ## References: * https://www.suse.com/security/cve/CVE-2026-3446.html * https://bugzilla.suse.com/show_bug.cgi?id=1258364 * https://bugzilla.suse.com/show_bug.cgi?id=1261970 . SUSE 2026 advisory for python312 tackles a major issue with Base64 decoder and requires user action.. openSUSE security, python312 patch, security advisory SUSE, CVE-2026-3446, python package security. . LinuxSecurity.com Team
An update that solves 10 vulnerabilities can now be installed.. # Security update for python312 Announcement ID: SUSE-SU-2026:1107-1 Release Date: 2026-03-27T09:04:10Z Rating: important References: * bsc#1252974 * bsc#1254400 * bsc#1254401 * bsc#1254997 * bsc#1257029 * bsc#1257031 * bsc#1257042 * bsc#1257046 * bsc#1257181 * bsc#1259240 Cross-References: * CVE-2025-11468 * CVE-2025-12084 * CVE-2025-13836 * CVE-2025-13837 * CVE-2025-15282 * CVE-2025-6075 * CVE-2026-0672 * CVE-2026-0865 * CVE-2026-1299 * CVE-2026-2297 CVSS scores: * CVE-2025-11468 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-11468 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2025-11468 ( NVD ): 5.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-12084 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-12084 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2025-12084 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-12084 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-13836 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-13836 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-13836 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-13836 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-13837 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-13837 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-13837 ( NVD ): 2.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-13837 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-15282 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-15282 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H * CVE-2025-15282 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-6075 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-6075 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-6075 ( NVD ): 1.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-6075 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-0672 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-0672 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-0672 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-0865 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-0865 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H * CVE-2026-0865 ( NVD ): 5.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-1299 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-1299 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N * CVE-2026-1299 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-2297 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-2297 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2026-2297 ( NVD ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves 10 vulnerabilities can now be installed. ## Description: This update for python312 fixes the following issues: Update to Python 3.12.13: * CVE-2025-6075: quadratic complexity in os.path.expandvars() (bsc#1252974). * CVE-2025-11468: header injection with carefully crafted inputs (bsc#1257029). * CVE-2025-12084: quadratic complexity in xml.minidom node ID cache clearing (bsc#1254997). * CVE-2025-13836: potential memory denial of service in the http.clientmodule (bsc#1254400). * CVE-2025-13837: potential memory denial of service in the plistlib module (bsc#1254401). * CVE-2025-15282: user-controlled data URLs parsed may allow injecting headers (bsc#1257046). * CVE-2026-0672: control characters in http.cookies.Morsel fields and values (bsc#1257031). * CVE-2026-0865: C0 control characters within wsgiref.headers.Headers fields, values, and parameters (bsc#1257042). * CVE-2026-1299: header injection when an email is serialized due to improper newline quoting (bsc#1257181). * CVE-2026-2297: validation bypass via incorrectly handled hook in FileLoader (bsc#1259240). Changelog: \- gh-144125: BytesGenerator will now refuse to serialize (write) headers that are unsafely folded or delimited; see verify_generated_headers. (Contributed by Bas Bloemsaat and Petr Viktorin in gh-121650) (bsc#1257181, CVE-2026-1299). \- gh-143935: Fixed a bug in the folding of comments when flattening an email message using a modern email policy. Comments consisting of a very long sequence of non-foldable characters could trigger a forced line wrap that omitted the required leading space on the continuation line, causing the remainder of the comment to be interpreted as a new header field. This enabled header injection with carefully crafted inputs (bsc#1257029 CVE-2025-11468). \- gh-143925: Reject control characters in data: URL media types (bsc#1257046, CVE-2025-15282). \- gh-143919: Reject control characters in http.cookies.Morsel fields and values (bsc#1257031, CVE-2026-0672). \- gh-143916: Reject C0 control characters within wsgiref.headers.Headers fields, values, and parameters (bsc#1257042, CVE-2026-0865). \- gh-142145: Remove quadratic behavior in xml.minidom node ID cache clearing. In order to do this without breaking existing users, we also add the ownerDocument attribute to xml.dom.minidom elements and attributes created by directly instantiating the Element or Attr class. Note that this way of creating nodes is not supported; creatorfunctions like xml.dom.Document.documentElement() should be used instead (bsc#1254997, CVE-2025-12084). \- gh-137836: Add support of the "plaintext" element, RAWTEXT elements "xmp", "iframe", "noembed" and "noframes", and optionally RAWTEXT element "noscript" in html.parser.HTMLParser. \- gh-136063: email.message: ensure linear complexity for legacy HTTP parameters parsing. Patch by Bndikt Tran. \- gh-136065: Fix quadratic complexity in os.path.expandvars() (bsc#1252974, CVE-2025-6075). \- gh-119451: Fix a potential memory denial of service in the http.client module. When connecting to a malicious server, it could cause an arbitrary amount of memory to be allocated. This could have led to symptoms including a MemoryError, swapping, out of memory (OOM) killed processes or containers, or even system crashes (CVE-2025-13836, bsc#1254400). \- gh-119452: Fix a potential memory denial of service in the http.server module. When a malicious user is connected to the CGI server on Windows, it could cause an arbitrary amount of memory to be allocated. This could have led to symptoms including a MemoryError, swapping, out of memory (OOM) killed processes or containers, or even system crashes. \- gh-119342: Fix a potential memory denial of service in the plistlib module. When reading a Plist file received from untrusted source, it could cause an arbitrary amount of memory to be allocated. This could have led to symptoms including a MemoryError, swapping, out of memory (OOM) killed processes or containers, or even system crashes (bsc#1254401, CVE-2025-13837). \- Library \- gh-144833: Fixed a use-after-free in ssl when SSL_new() returns NULL in newPySSLSocket(). The error was reported via a dangling pointer after the object had already been freed. \- gh-144363: Update bundled libexpat to 2.7.4 \- gh-90949: Add SetAllocTrackerActivationThreshold() and SetAllocTrackerMaximumAmplification() to xmlparser objects to prevent use of disproportional amounts of dynamic memory from within an Expat parser. Patch by Bndikt Tran. ## PatchInstructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1107=1 openSUSE-SLE-15.6-2026-1107=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1107=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1107=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * python312-testsuite-3.12.13-150600.3.48.1 * libpython3_12-1_0-3.12.13-150600.3.48.1 * python312-dbm-3.12.13-150600.3.48.1 * python312-doc-devhelp-3.12.13-150600.3.48.1 * python312-curses-debuginfo-3.12.13-150600.3.48.1 * python312-base-3.12.13-150600.3.48.1 * python312-idle-3.12.13-150600.3.48.1 * python312-testsuite-debuginfo-3.12.13-150600.3.48.1 * python312-devel-3.12.13-150600.3.48.1 * python312-tools-3.12.13-150600.3.48.1 * python312-doc-3.12.13-150600.3.48.1 * python312-debugsource-3.12.13-150600.3.48.1 * python312-tk-3.12.13-150600.3.48.1 * python312-debuginfo-3.12.13-150600.3.48.1 * python312-dbm-debuginfo-3.12.13-150600.3.48.1 * python312-tk-debuginfo-3.12.13-150600.3.48.1 * python312-curses-3.12.13-150600.3.48.1 * libpython3_12-1_0-debuginfo-3.12.13-150600.3.48.1 * python312-base-debuginfo-3.12.13-150600.3.48.1 * python312-core-debugsource-3.12.13-150600.3.48.1 * python312-3.12.13-150600.3.48.1 * openSUSE Leap 15.6 (x86_64) * python312-32bit-3.12.13-150600.3.48.1 * libpython3_12-1_0-32bit-debuginfo-3.12.13-150600.3.48.1 * python312-base-32bit-debuginfo-3.12.13-150600.3.48.1 * python312-32bit-debuginfo-3.12.13-150600.3.48.1 * libpython3_12-1_0-32bit-3.12.13-150600.3.48.1 * python312-base-32bit-3.12.13-150600.3.48.1 * openSUSE Leap 15.6 (aarch64_ilp32) *python312-base-64bit-debuginfo-3.12.13-150600.3.48.1 * libpython3_12-1_0-64bit-debuginfo-3.12.13-150600.3.48.1 * python312-base-64bit-3.12.13-150600.3.48.1 * libpython3_12-1_0-64bit-3.12.13-150600.3.48.1 * python312-64bit-debuginfo-3.12.13-150600.3.48.1 * python312-64bit-3.12.13-150600.3.48.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * python312-curses-debuginfo-3.12.13-150600.3.48.1 * python312-base-3.12.13-150600.3.48.1 * python312-base-debuginfo-3.12.13-150600.3.48.1 * python312-debugsource-3.12.13-150600.3.48.1 * python312-idle-3.12.13-150600.3.48.1 * python312-tk-3.12.13-150600.3.48.1 * python312-devel-3.12.13-150600.3.48.1 * python312-debuginfo-3.12.13-150600.3.48.1 * python312-dbm-debuginfo-3.12.13-150600.3.48.1 * python312-tk-debuginfo-3.12.13-150600.3.48.1 * python312-tools-3.12.13-150600.3.48.1 * python312-core-debugsource-3.12.13-150600.3.48.1 * libpython3_12-1_0-3.12.13-150600.3.48.1 * python312-curses-3.12.13-150600.3.48.1 * libpython3_12-1_0-debuginfo-3.12.13-150600.3.48.1 * python312-3.12.13-150600.3.48.1 * python312-dbm-3.12.13-150600.3.48.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * python312-curses-debuginfo-3.12.13-150600.3.48.1 * python312-base-3.12.13-150600.3.48.1 * python312-base-debuginfo-3.12.13-150600.3.48.1 * python312-debugsource-3.12.13-150600.3.48.1 * python312-idle-3.12.13-150600.3.48.1 * python312-tk-3.12.13-150600.3.48.1 * python312-devel-3.12.13-150600.3.48.1 * python312-debuginfo-3.12.13-150600.3.48.1 * python312-dbm-debuginfo-3.12.13-150600.3.48.1 * python312-tk-debuginfo-3.12.13-150600.3.48.1 * python312-tools-3.12.13-150600.3.48.1 * python312-core-debugsource-3.12.13-150600.3.48.1 * libpython3_12-1_0-3.12.13-150600.3.48.1 * python312-curses-3.12.13-150600.3.48.1 * libpython3_12-1_0-debuginfo-3.12.13-150600.3.48.1 * python312-3.12.13-150600.3.48.1 *python312-dbm-3.12.13-150600.3.48.1 ## References: * https://www.suse.com/security/cve/CVE-2025-11468.html * https://www.suse.com/security/cve/CVE-2025-12084.html * https://www.suse.com/security/cve/CVE-2025-13836.html * https://www.suse.com/security/cve/CVE-2025-13837.html * https://www.suse.com/security/cve/CVE-2025-15282.html * https://www.suse.com/security/cve/CVE-2025-6075.html * https://www.suse.com/security/cve/CVE-2026-0672.html * https://www.suse.com/security/cve/CVE-2026-0865.html * https://www.suse.com/security/cve/CVE-2026-1299.html * https://www.suse.com/security/cve/CVE-2026-2297.html * https://bugzilla.suse.com/show_bug.cgi?id=1252974 * https://bugzilla.suse.com/show_bug.cgi?id=1254400 * https://bugzilla.suse.com/show_bug.cgi?id=1254401 * https://bugzilla.suse.com/show_bug.cgi?id=1254997 * https://bugzilla.suse.com/show_bug.cgi?id=1257029 * https://bugzilla.suse.com/show_bug.cgi?id=1257031 * https://bugzilla.suse.com/show_bug.cgi?id=1257042 * https://bugzilla.suse.com/show_bug.cgi?id=1257046 * https://bugzilla.suse.com/show_bug.cgi?id=1257181 * https://bugzilla.suse.com/show_bug.cgi?id=1259240 . SUSE released an important python312 update addressing 10 security issues, including memory denial of service vulnerabilities.. SUSE security python312 update important memory denial of service. . Severity: Important. LinuxSecurity.com Team
An update that solves one vulnerability can now be installed.. # python312-3.12.13-2.1 on GA media Announcement ID: openSUSE-SU-2026:10377-1 Rating: moderate Cross-References: * CVE-2026-2297 CVSS scores: * CVE-2026-2297 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2026-2297 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N Affected Products: * openSUSE Tumbleweed An update that solves one vulnerability can now be installed. ## Description: These are all security issues fixed in the python312-3.12.13-2.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * python312 3.12.13-2.1 * python312-curses 3.12.13-2.1 * python312-dbm 3.12.13-2.1 * python312-idle 3.12.13-2.1 * python312-tk 3.12.13-2.1 * python312-x86-64-v3 3.12.13-2.1 ## References: * https://www.suse.com/security/cve/CVE-2026-2297.html . This update addresses a security issue in openSUSE's Python 3.12.13 package with moderate severity.. openSUSE update, Python security, package vulnerability. . LinuxSecurity.com Team
An update that solves six vulnerabilities can now be installed.. # Security update for python312 Announcement ID: SUSE-SU-2026:0644-1 Release Date: 2026-02-25T16:28:32Z Rating: important References: * bsc#1257029 * bsc#1257031 * bsc#1257041 * bsc#1257042 * bsc#1257044 * bsc#1257046 Cross-References: * CVE-2025-11468 * CVE-2025-15282 * CVE-2025-15366 * CVE-2025-15367 * CVE-2026-0672 * CVE-2026-0865 CVSS scores: * CVE-2025-11468 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-11468 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2025-11468 ( NVD ): 5.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-15282 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-15282 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H * CVE-2025-15282 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-15366 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-15366 ( SUSE ): 6.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H * CVE-2025-15366 ( NVD ): 5.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-15367 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-15367 ( SUSE ): 6.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H * CVE-2025-15367 ( NVD ): 5.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X *CVE-2026-0672 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-0672 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-0672 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-0865 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-0865 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H * CVE-2026-0865 ( NVD ): 5.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves six vulnerabilities can now be installed. ## Description: This update for python312 fixes the following issues: * CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters (bsc#1257029). * CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using http.cookies.Morsel (bsc#1257031). * CVE-2026-0865: user-controlled header containing newlines can allow injecting HTTP headers (bsc#1257042). * CVE-2025-15366: user-controlled command can allow additional commands injected using newlines (bsc#1257044). * CVE-2025-15282: user-controlled data URLs parsed may allow injecting headers (bsc#1257046). * CVE-2025-15367: control characters may allow the injection of additional commands (bsc#1257041). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-644=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-644=1 * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-644=1 openSUSE-SLE-15.6-2026-644=1 ## Package List: * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * libpython3_12-1_0-debuginfo-3.12.12-150600.3.43.1 * python312-3.12.12-150600.3.43.1 * python312-debuginfo-3.12.12-150600.3.43.1 * python312-curses-debuginfo-3.12.12-150600.3.43.1 * python312-debugsource-3.12.12-150600.3.43.1 * python312-tools-3.12.12-150600.3.43.1 * python312-dbm-debuginfo-3.12.12-150600.3.43.1 * python312-tk-3.12.12-150600.3.43.1 * python312-base-debuginfo-3.12.12-150600.3.43.1 * python312-core-debugsource-3.12.12-150600.3.43.1 * python312-curses-3.12.12-150600.3.43.1 * python312-dbm-3.12.12-150600.3.43.1 * python312-base-3.12.12-150600.3.43.1 * python312-idle-3.12.12-150600.3.43.1 * python312-tk-debuginfo-3.12.12-150600.3.43.1 * libpython3_12-1_0-3.12.12-150600.3.43.1 * python312-devel-3.12.12-150600.3.43.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * libpython3_12-1_0-debuginfo-3.12.12-150600.3.43.1 * python312-3.12.12-150600.3.43.1 * python312-debuginfo-3.12.12-150600.3.43.1 * python312-curses-debuginfo-3.12.12-150600.3.43.1 * python312-debugsource-3.12.12-150600.3.43.1 * python312-tools-3.12.12-150600.3.43.1 * python312-dbm-debuginfo-3.12.12-150600.3.43.1 * python312-tk-3.12.12-150600.3.43.1 * python312-base-debuginfo-3.12.12-150600.3.43.1 * python312-core-debugsource-3.12.12-150600.3.43.1 * python312-curses-3.12.12-150600.3.43.1 * python312-dbm-3.12.12-150600.3.43.1 * python312-base-3.12.12-150600.3.43.1 * python312-idle-3.12.12-150600.3.43.1 * python312-tk-debuginfo-3.12.12-150600.3.43.1 *libpython3_12-1_0-3.12.12-150600.3.43.1 * python312-devel-3.12.12-150600.3.43.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * libpython3_12-1_0-debuginfo-3.12.12-150600.3.43.1 * python312-curses-debuginfo-3.12.12-150600.3.43.1 * python312-core-debugsource-3.12.12-150600.3.43.1 * python312-curses-3.12.12-150600.3.43.1 * python312-idle-3.12.12-150600.3.43.1 * python312-tk-debuginfo-3.12.12-150600.3.43.1 * python312-doc-3.12.12-150600.3.43.1 * python312-debugsource-3.12.12-150600.3.43.1 * python312-debuginfo-3.12.12-150600.3.43.1 * python312-dbm-debuginfo-3.12.12-150600.3.43.1 * python312-tk-3.12.12-150600.3.43.1 * python312-testsuite-debuginfo-3.12.12-150600.3.43.1 * python312-base-debuginfo-3.12.12-150600.3.43.1 * libpython3_12-1_0-3.12.12-150600.3.43.1 * python312-testsuite-3.12.12-150600.3.43.1 * python312-3.12.12-150600.3.43.1 * python312-tools-3.12.12-150600.3.43.1 * python312-doc-devhelp-3.12.12-150600.3.43.1 * python312-dbm-3.12.12-150600.3.43.1 * python312-base-3.12.12-150600.3.43.1 * python312-devel-3.12.12-150600.3.43.1 * openSUSE Leap 15.6 (x86_64) * python312-base-32bit-debuginfo-3.12.12-150600.3.43.1 * libpython3_12-1_0-32bit-3.12.12-150600.3.43.1 * python312-32bit-3.12.12-150600.3.43.1 * libpython3_12-1_0-32bit-debuginfo-3.12.12-150600.3.43.1 * python312-base-32bit-3.12.12-150600.3.43.1 * python312-32bit-debuginfo-3.12.12-150600.3.43.1 * openSUSE Leap 15.6 (aarch64_ilp32) * python312-64bit-debuginfo-3.12.12-150600.3.43.1 * libpython3_12-1_0-64bit-3.12.12-150600.3.43.1 * libpython3_12-1_0-64bit-debuginfo-3.12.12-150600.3.43.1 * python312-base-64bit-3.12.12-150600.3.43.1 * python312-64bit-3.12.12-150600.3.43.1 * python312-base-64bit-debuginfo-3.12.12-150600.3.43.1 ## References: * https://www.suse.com/security/cve/CVE-2025-11468.html * https://www.suse.com/security/cve/CVE-2025-15282.html *https://www.suse.com/security/cve/CVE-2025-15366.html * https://www.suse.com/security/cve/CVE-2025-15367.html * https://www.suse.com/security/cve/CVE-2026-0672.html * https://www.suse.com/security/cve/CVE-2026-0865.html * https://bugzilla.suse.com/show_bug.cgi?id=1257029 * https://bugzilla.suse.com/show_bug.cgi?id=1257031 * https://bugzilla.suse.com/show_bug.cgi?id=1257041 * https://bugzilla.suse.com/show_bug.cgi?id=1257042 * https://bugzilla.suse.com/show_bug.cgi?id=1257044 * https://bugzilla.suse.com/show_bug.cgi?id=1257046 . SUSE update addresses important security issues in python312, affecting multiple systems with potential injections.. SUSE python312 security issues important updates header injection. . Severity: Important. LinuxSecurity.com Team
An update that solves three vulnerabilities can now be installed.. # Security update for python312 Announcement ID: SUSE-SU-2026:0025-1 Release Date: 2026-01-05T12:11:33Z Rating: moderate References: * bsc#1254400 * bsc#1254401 * bsc#1254997 Cross-References: * CVE-2025-12084 * CVE-2025-13836 * CVE-2025-13837 CVSS scores: * CVE-2025-12084 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-12084 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2025-12084 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-12084 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-13836 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-13836 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-13836 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-13836 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2025-13837 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-13837 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-13837 ( NVD ): 2.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X AffectedProducts: * openSUSE Leap 15.6 An update that solves three vulnerabilities can now be installed. ## Description: This update for python312 fixes the following issues: * CVE-2025-12084: quadratic complexity when building nested elements using `xml.dom.minidom` methods that depend on `_clear_id_cache()` can lead to availability issues when building excessively nested documents (bsc#1254997). * CVE-2025-13836: use of `Content-Length` by default when reading an HTTP response with no read amount specified can lead to OOM issues and DoS when a client deals with a malicious server (bsc#1254400). * CVE-2025-13837: data read by the plistlib module according to the size specified by the file itself can lead to OOM issues and DoS (bsc#1254401). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-25=1 openSUSE-SLE-15.6-2026-25=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * python312-core-debugsource-3.12.12-150600.3.40.1 * python312-devel-3.12.12-150600.3.40.1 * python312-dbm-debuginfo-3.12.12-150600.3.40.1 * libpython3_12-1_0-debuginfo-3.12.12-150600.3.40.1 * python312-tk-3.12.12-150600.3.40.1 * python312-doc-devhelp-3.12.12-150600.3.40.1 * python312-debuginfo-3.12.12-150600.3.40.1 * python312-base-debuginfo-3.12.12-150600.3.40.1 * python312-debugsource-3.12.12-150600.3.40.1 * python312-testsuite-3.12.12-150600.3.40.1 * python312-testsuite-debuginfo-3.12.12-150600.3.40.1 * python312-tk-debuginfo-3.12.12-150600.3.40.1 * python312-dbm-3.12.12-150600.3.40.1 * python312-doc-3.12.12-150600.3.40.1 * python312-curses-3.12.12-150600.3.40.1 * libpython3_12-1_0-3.12.12-150600.3.40.1 * python312-idle-3.12.12-150600.3.40.1 * python312-base-3.12.12-150600.3.40.1 *python312-3.12.12-150600.3.40.1 * python312-tools-3.12.12-150600.3.40.1 * python312-curses-debuginfo-3.12.12-150600.3.40.1 * openSUSE Leap 15.6 (x86_64) * python312-base-32bit-3.12.12-150600.3.40.1 * python312-base-32bit-debuginfo-3.12.12-150600.3.40.1 * libpython3_12-1_0-32bit-3.12.12-150600.3.40.1 * libpython3_12-1_0-32bit-debuginfo-3.12.12-150600.3.40.1 * python312-32bit-debuginfo-3.12.12-150600.3.40.1 * python312-32bit-3.12.12-150600.3.40.1 * openSUSE Leap 15.6 (aarch64_ilp32) * python312-base-64bit-3.12.12-150600.3.40.1 * libpython3_12-1_0-64bit-debuginfo-3.12.12-150600.3.40.1 * python312-64bit-3.12.12-150600.3.40.1 * python312-64bit-debuginfo-3.12.12-150600.3.40.1 * libpython3_12-1_0-64bit-3.12.12-150600.3.40.1 * python312-base-64bit-debuginfo-3.12.12-150600.3.40.1 ## References: * https://www.suse.com/security/cve/CVE-2025-12084.html * https://www.suse.com/security/cve/CVE-2025-13836.html * https://www.suse.com/security/cve/CVE-2025-13837.html * https://bugzilla.suse.com/show_bug.cgi?id=1254400 * https://bugzilla.suse.com/show_bug.cgi?id=1254401 * https://bugzilla.suse.com/show_bug.cgi?id=1254997 . A moderate security update for python312 resolves multiple vulnerabilities affecting openSUSE systems. Patch now!. python security update, SUSE patch, openSUSE vulnerabilities. . LinuxSecurity.com Team
An update that solves 70 vulnerabilities can now be installed.. # python312-Django6-6.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10005-1 Rating: moderate Cross-References: * CVE-2015-3982 * CVE-2015-5145 * CVE-2015-5963 * CVE-2016-7401 * CVE-2017-12794 * CVE-2017-7233 * CVE-2017-7234 * CVE-2018-16984 * CVE-2018-6188 * CVE-2018-7536 * CVE-2018-7537 * CVE-2019-11358 * CVE-2019-12308 * CVE-2019-12781 * CVE-2019-14232 * CVE-2019-19118 * CVE-2019-19844 * CVE-2019-3498 * CVE-2019-6975 * CVE-2020-13254 * CVE-2020-13596 * CVE-2020-24583 * CVE-2020-24584 * CVE-2020-7471 * CVE-2020-9402 * CVE-2021-31542 * CVE-2021-32052 * CVE-2021-33203 * CVE-2021-33571 * CVE-2021-35042 * CVE-2021-45115 * CVE-2021-45452 * CVE-2022-22818 * CVE-2022-23833 * CVE-2022-28346 * CVE-2022-28347 * CVE-2022-34265 * CVE-2022-36359 * CVE-2022-41323 * CVE-2023-23969 * CVE-2023-24580 * CVE-2023-31047 * CVE-2023-36053 * CVE-2023-41164 * CVE-2023-43665 * CVE-2024-24680 * CVE-2024-27351 * CVE-2024-38875 * CVE-2024-39329 * CVE-2024-39330 * CVE-2024-39614 * CVE-2024-41989 * CVE-2024-41990 * CVE-2024-41991 * CVE-2024-42005 * CVE-2024-45230 * CVE-2024-45231 * CVE-2024-53907 * CVE-2024-53908 * CVE-2024-56374 * CVE-2025-13372 * CVE-2025-26699 * CVE-2025-27556 * CVE-2025-32873 * CVE-2025-48432 * CVE-2025-57833 * CVE-2025-59681 * CVE-2025-59682 * CVE-2025-64459 * CVE-2025-64460 CVSS scores: * CVE-2016-7401 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2018-16984 ( SUSE ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2018-7537 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2019-12308 ( SUSE ): 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2019-12781 ( SUSE ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2019-14232 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2019-19844 ( SUSE ): 6.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2019-3498 ( SUSE ): 4.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2019-6975 ( SUSE ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2020-13596 ( SUSE ): 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N * CVE-2020-24583 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2020-24584 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2020-7471 ( SUSE ): 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L * CVE-2020-9402 ( SUSE ): 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L * CVE-2021-31542 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2021-32052 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2021-33203 ( SUSE ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2021-33571 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2021-45115 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2021-45452 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2022-22818 ( SUSE ): 5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2022-23833 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-28346 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2022-28347 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2022-34265 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-36359 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N * CVE-2023-23969 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-24580 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31047 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2023-36053 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-41164 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2023-43665 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2024-24680 ( SUSE ): 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-27351 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-38875 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-39329 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2024-39330 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2024-39614 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-41989 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-41990 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-41991 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-42005 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-45230 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45231 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2024-53907 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-53908 ( SUSE ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2024-56374 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-56374 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-13372 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2025-26699 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-26699 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-27556 ( SUSE ): 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L * CVE-2025-32873 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-48432 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N * CVE-2025-48432 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:H/SA:N * CVE-2025-57833 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-59681 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-59681 ( SUSE ): 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-59682 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2025-59682 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-64460 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Tumbleweed An update that solves 70 vulnerabilities can now be installed. ## Description: These are all security issues fixed in the python312-Django6-6.0-1.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * python312-Django6 6.0-1.1 * python313-Django6 6.0-1.1 ## References: * https://www.suse.com/security/cve/CVE-2015-3982.html * https://www.suse.com/security/cve/CVE-2015-5145.html * https://www.suse.com/security/cve/CVE-2015-5963.html * https://www.suse.com/security/cve/CVE-2016-7401.html * https://www.suse.com/security/cve/CVE-2017-12794.html * https://www.suse.com/security/cve/CVE-2017-7233.html * https://www.suse.com/security/cve/CVE-2017-7234.html * https://www.suse.com/security/cve/CVE-2018-16984.html * https://www.suse.com/security/cve/CVE-2018-6188.html * https://www.suse.com/security/cve/CVE-2018-7536.html * https://www.suse.com/security/cve/CVE-2018-7537.html * https://www.suse.com/security/cve/CVE-2019-11358.html * https://www.suse.com/security/cve/CVE-2019-12308.html * https://www.suse.com/security/cve/CVE-2019-12781.html * https://www.suse.com/security/cve/CVE-2019-14232.html * https://www.suse.com/security/cve/CVE-2019-19118.html * https://www.suse.com/security/cve/CVE-2019-19844.html * https://www.suse.com/security/cve/CVE-2019-3498.html * https://www.suse.com/security/cve/CVE-2019-6975.html * https://www.suse.com/security/cve/CVE-2020-13254.html * https://www.suse.com/security/cve/CVE-2020-13596.html * https://www.suse.com/security/cve/CVE-2020-24583.html * https://www.suse.com/security/cve/CVE-2020-24584.html *https://www.suse.com/security/cve/CVE-2020-7471.html * https://www.suse.com/security/cve/CVE-2020-9402.html * https://www.suse.com/security/cve/CVE-2021-31542.html * https://www.suse.com/security/cve/CVE-2021-32052.html * https://www.suse.com/security/cve/CVE-2021-33203.html * https://www.suse.com/security/cve/CVE-2021-33571.html * https://www.suse.com/security/cve/CVE-2021-35042.html * https://www.suse.com/security/cve/CVE-2021-45115.html * https://www.suse.com/security/cve/CVE-2021-45452.html * https://www.suse.com/security/cve/CVE-2022-22818.html * https://www.suse.com/security/cve/CVE-2022-23833.html * https://www.suse.com/security/cve/CVE-2022-28346.html * https://www.suse.com/security/cve/CVE-2022-28347.html * https://www.suse.com/security/cve/CVE-2022-34265.html * https://www.suse.com/security/cve/CVE-2022-36359.html * https://www.suse.com/security/cve/CVE-2022-41323.html * https://www.suse.com/security/cve/CVE-2023-23969.html * https://www.suse.com/security/cve/CVE-2023-24580.html * https://www.suse.com/security/cve/CVE-2023-31047.html * https://www.suse.com/security/cve/CVE-2023-36053.html * https://www.suse.com/security/cve/CVE-2023-41164.html * https://www.suse.com/security/cve/CVE-2023-43665.html * https://www.suse.com/security/cve/CVE-2024-24680.html * https://www.suse.com/security/cve/CVE-2024-27351.html * https://www.suse.com/security/cve/CVE-2024-38875.html * https://www.suse.com/security/cve/CVE-2024-39329.html * https://www.suse.com/security/cve/CVE-2024-39330.html * https://www.suse.com/security/cve/CVE-2024-39614.html * https://www.suse.com/security/cve/CVE-2024-41989.html * https://www.suse.com/security/cve/CVE-2024-41990.html * https://www.suse.com/security/cve/CVE-2024-41991.html * https://www.suse.com/security/cve/CVE-2024-42005.html * https://www.suse.com/security/cve/CVE-2024-45230.html * https://www.suse.com/security/cve/CVE-2024-45231.html * https://www.suse.com/security/cve/CVE-2024-53907.html *https://www.suse.com/security/cve/CVE-2024-53908.html * https://www.suse.com/security/cve/CVE-2024-56374.html * https://www.suse.com/security/cve/CVE-2025-13372.html * https://www.suse.com/security/cve/CVE-2025-26699.html * https://www.suse.com/security/cve/CVE-2025-27556.html * https://www.suse.com/security/cve/CVE-2025-32873.html * https://www.suse.com/security/cve/CVE-2025-48432.html * https://www.suse.com/security/cve/CVE-2025-57833.html * https://www.suse.com/security/cve/CVE-2025-59681.html * https://www.suse.com/security/cve/CVE-2025-59682.html * https://www.suse.com/security/cve/CVE-2025-64459.html * https://www.suse.com/security/cve/CVE-2025-64460.html . Update for openSUSE provides critical fixes addressing 70 security issues related to Django package vulnerabilities.. openSUSE security updates,Django vulnerabilities,python312 security patch. . LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.